Do You Understand Secure Data Transmission?

{"type":"doc","content":[{"type":"heading","attrs":{"align":null,"level":2},"content":[{"type":"text","text":"HTTPS 認知"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"HTTPS 其實是 HTTP + SSL 協議組成的安全協議。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"我們知道,從我們輸入 URL 到頁面呈現的過程是作用於 HTTP 協議的,HTTP 協議保證我們網絡傳輸數據的基礎,但是安全性無法保證,而 SSL 協議作用於 Http 協議就能解決安全問題。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"HTTPS 保證以下三點:"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"bulletedlist","content":[{"type":"listitem","attrs":{"listStyle":null},"content":[{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","marks":[{"type":"strong"}],"text":"數據內容加密"}]}]},{"type":"listitem","attrs":{"listStyle":null},"content":[{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","marks":[{"type":"strong"}],"text":"數據完整性保護(數字摘要、數字簽名)"}]}]},{"type":"listitem","attrs":{"listStyle":null},"content":[{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","marks":[{"type":"strong"}],"text":"身份認證"}]}]}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"HTTPS 
保證安全性要點:"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"bulletedlist","content":[{"type":"listitem","attrs":{"listStyle":null},"content":[{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"握手階段:使用 "},{"type":"codeinline","content":[{"type":"text","text":"非對稱加密技術"}]},{"type":"text","text":" 對 "},{"type":"codeinline","content":[{"type":"text","text":"公鑰"}]},{"type":"text","text":" 進行加密"}]}]},{"type":"listitem","attrs":{"listStyle":null},"content":[{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"傳輸階段:使用 "},{"type":"codeinline","content":[{"type":"text","text":"對稱加密技術"}]},{"type":"text","text":" 對 "},{"type":"codeinline","content":[{"type":"text","text":"報文"}]},{"type":"text","text":" 進行加密"}]}]}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"由於 HTTPS 多了一層使用非對稱加密算法對公鑰進行加密的過程,因此建立連接的時間比 HTTP 要慢。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"握手階段保證了連接是安全的,那麼後續的數據傳輸就可以安全的進行傳輸,因此可採用耗時較少的對稱加密算法對報文進行加密傳輸。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"HTTPS 解構"}]},{"type":"image","attrs":{"src":"https:\/\/static001.geekbang.org\/infoq\/6d\/6d9b9504141258dd1129c2b96c9168a6.webp","alt":"Image","title":null,"style":[{"key":"width","value":"75%"},{"key":"bordertype","value":"none"}],"href":null,"fromPaste":true,"pastePass":true}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"在上圖中,我們看到 SSL 
The figure shows where the SSL/TLS layer sits. Before looking at how TLS keeps data safe, let's go through the concepts that data security builds on.

## Cryptographic Concepts

#### Symmetric Encryption

**Aliases:** secret-key (private-key) encryption, single-key algorithm, conventional cipher.

**Concept:** the `same key` is used to encrypt and to decrypt, so the decryption key is either the encryption key itself or trivially derived from it, and vice versa. Whoever holds the key can do both, which means the key has to reach the other party over a secure channel beforehand; that key-distribution problem is exactly what the HTTPS handshake solves.

**Common symmetric algorithms:** DES (Data Encryption Standard), AES (Advanced Encryption Standard), RC4, IDEA. Of these only AES is acceptable today: DES's 56-bit key can be brute-forced, RC4's keystream biases let an attacker recover plaintext, and TLS 1.3 has removed both.

#### Asymmetric Encryption

**Alias:** public-key encryption.

**Concept:** each party generates its own key pair. The public key is given to anyone; the private key stays with its owner and is never sent. The two keys are mathematically linked: what one of them encrypts only the other can decrypt, and deriving the private key from the public key is computationally infeasible. In HTTPS the server holds a private key and the client only ever sees the matching public key, delivered inside the server's certificate.

**Limitation:** asymmetric operations are slow and accept only short inputs. With RSA the plaintext must be shorter than the modulus (the "key length") minus the padding overhead: a 2048-bit key with OAEP and SHA-256 can encrypt at most 190 bytes. That is why asymmetric cryptography is used to protect a key or a digest, not the message itself.

#### Message Digest

**Alias:** digital fingerprint.

**Concept:** a fixed-length value computed from the plaintext by a one-way `hash function`. The length is fixed by the algorithm, not by the input: MD5 produces 128 bits, SHA-256 produces 256 bits. One-way means the plaintext cannot be recovered from the digest, and a secure hash also makes it infeasible to find two messages with the same digest. MD5 and SHA-1 no longer meet that requirement; use SHA-256 or stronger.

#### Digital Signature

Concept: a combined application of asymmetric cryptography and message digests.

##### Signing

1. The sender runs the original message through a hash function (H) to produce digest A.
2. The sender uses its own private key to sign digest A (in the textbook RSA picture: encrypts it), producing the signature CypherA.
3. The sender transmits CypherA together with the original message.

##### Verification (checking integrity and origin)

1. The receiver runs the received message through the same hash function (H) to produce digest B. If the message arrived unchanged, B equals A.
2. The receiver uses the sender's public key to recover the digest from CypherA (in the RSA picture: decrypts it), obtaining B'.
3. The receiver compares B' with B. If they are equal, the message is intact and was signed by the holder of the private key, so it really came from that sender (only the sender knows the private key); if they differ, the message or the signature was altered in transit, or the signature was produced with some other key.
![Image](https://static001.geekbang.org/infoq/37/3758d39eaf8214e950257b17c9f47527.webp)

The last step is purely a comparison of the two digests (in the figure the message is the word "pig", and both digests are computed from it). A hash function cannot be run backwards: there is no way to turn digest A' back into the plaintext, so verification has to be done by recomputing the digest and comparing, never by "reversing" the hash.

`Signing` uses the sender's [private key]; `verification` uses the sender's public key. One digital signature therefore involves a hash function, the sender's private key and the sender's public key; the receiver's own keys play no part in it. Describing signing as `encryption` and verification as `decryption` fits only textbook RSA; real signature schemes (RSA-PSS, ECDSA, Ed25519) are distinct operations, and libraries expose them as sign/verify rather than encrypt/decrypt.

##### Pseudocode

The signing and verification steps in Node.js. RSA's `privateEncrypt`/`publicDecrypt` are used here only because they match the "encrypt the digest with the private key" description above; production code should call `crypto.sign`/`crypto.verify`, which bind the hash algorithm and padding to the signature.

```javascript
const crypto = require('crypto')

// The sender's key pair. Only the public key is handed to receivers.
const { publicKey: senderPublicKey, privateKey: senderPrivateKey } =
  crypto.generateKeyPairSync('rsa', { modulusLength: 2048 })

// One-way hash function: plaintext in, fixed-length (256-bit) digest out
function Hash (plainText) {
  return crypto.createHash('sha256').update(plainText).digest()
}

// The sender "encrypts" the digest with its private key, producing the signature CypherA
function doEncrypt (privateKey, digest) {
  return crypto.privateEncrypt(privateKey, digest)
}

// Send a message: the original text plus the signature over its digest
function sendMessage (plainText) {
  const digest = Hash(plainText)
  const CypherA = doEncrypt(senderPrivateKey, digest)   // sign
  return {
    CypherText: CypherA,
    originText: plainText
  }
}

// The receiver "decrypts" the signature with the sender's public key to recover the digest
function doDecrypt (publicKey, CypherA) {
  return crypto.publicDecrypt(publicKey, CypherA)
}

// Receive a message: recompute the digest and compare it with the recovered one
function receiveMessage (CypherA, plainText) {
  const digest = Hash(plainText)
  let recovered
  try {
    recovered = doDecrypt(senderPublicKey, CypherA)    // verify
  } catch (e) {
    return false                                      // not even a well-formed RSA block
  }
  if (recovered.length === digest.length && crypto.timingSafeEqual(recovered, digest)) {
    console.log('1. the sender is authentic')          // origin confirmed
    console.log('2. the message is intact')            // integrity confirmed
    return true
  }
  return false                                        // message or signature was altered
}

const message = sendMessage('pig')                                  // signing
receiveMessage(message.CypherText, message.originText)              // verification
receiveMessage(message.CypherText, 'pig!')                          // altered text fails
```

#### Digital Certificates

In the signing process above, how does the receiver know that the public key it uses really belongs to the sender? Anyone can generate a key pair and claim to be the server. That is the problem digital certificates solve.

Digital certificates are used for encryption, signing and identity authentication.

A digital certificate is issued by a `Certificate Authority (CA)`. The CA verifies the holder's identity before issuing the certificate, and the certificate is checked again every time it is used, which gives the client a way to tell whether a public key really comes from the legitimate server.

The `Certificate Authority (CA)` issues a digital certificate that contains a public key and the identity of its owner. The matching private key is not made public; it is kept secret by the end entity that generated the key pair. The certificate is the CA's confirmation that the public key it contains belongs to the person, organization, server or other entity named in it. The CA's obligation in this scheme is to verify the applicant's credentials, so that users and relying parties can trust the information in the certificates it signs.

When you visit a website over HTTPS (a secure connection), the site's server presents its certificate to prove the site's identity to the browser (Chrome, for example). The public key carried in the certificate can be trusted because the certificate carries the CA's signature. If no certificate is presented, or the certificate has been tampered with, has expired, was issued for a different hostname, or was signed by a CA the browser does not trust, the browser flags the site as not secure at the left of the address bar.

Signature verification chain: `client`